← Back to Home
Privacy Policy
Last updated: March 28, 2026
1. Introduction
Plain English: This policy explains what data we collect, how we use it, and what rights you have. We do not sell your personal information.
This Privacy Policy describes how LPJ SERVICES LLC ("Company", "we", "us", "our"), a Florida limited liability company, collects, uses, and protects information when you use OpenClaw ("Service"), operated at clawtobusiness.com.
By using the Service, you agree to the collection and use of information as described in this Privacy Policy. This policy applies to all users of the platform, including business owners ("Subscribers") and the customers who interact with Subscriber-powered AI chatbots and websites ("End Users").
We do not sell your personal information. Not now, not ever. Your data exists to power your business, not to be packaged and sold to third parties.
2. Information We Collect
Plain English: We collect the info you give us (name, email via Google login), technical info from your browser, and the data your customers share through your AI chatbot.
a) Personal Information (Subscribers)
When you create an account, we collect:
- Account information: Name, email address, and profile picture provided through Google OAuth
- Billing information: Stripe customer ID and subscription details (we never see or store your full credit card number)
- Business information: Business name, industry, service areas, and AI persona configuration
b) Usage Data
We automatically collect:
- IP address and approximate location
- Browser type and operating system
- Pages visited and features used within the Service
- Session duration and timestamps
c) Customer Data (End Users)
When your customers interact with your AI chatbot, website, or messaging channels, we process on your behalf:
- Name, email, phone number (when voluntarily provided by the customer)
- Conversation messages and chat history
- Lead qualification data (interest level, service requested)
- WhatsApp messages (when WhatsApp channel is enabled)
3. How We Use Information
Plain English: We use your data to run the platform, process payments, improve the service, and power your AI chatbot. That's it.
We use the information we collect to:
- Provide the Service: Create and maintain your account, generate AI-powered websites and chatbots, manage your business presence
- Process payments: Handle subscriptions and billing through Stripe
- Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality
- Communicate with you: Send account notifications, billing receipts, and service updates
- AI operations: Process conversations through AI models to provide intelligent responses to your customers
- Security: Detect and prevent fraud, abuse, and unauthorized access
- Legal compliance: Meet our obligations under applicable laws
4. AI and Your Data
Plain English: Your conversation data trains AI models ONLY for your business. We never use your data to train general AI models or share it with other businesses.
OpenClaw uses artificial intelligence to power chatbots, lead qualification, and content generation for your business. Here is exactly how your data interacts with AI:
- Per-business AI training: Conversation data and knowledge base content are used to train and improve AI responses exclusively for your business. Your data is never mixed with another business's data.
- No general model training: Your data is never used to train general-purpose AI models. We do not contribute your conversations, customer information, or business data to any shared training datasets.
- AI providers: Conversations are processed through third-party AI providers (see Section 5). These providers receive conversation content to generate responses but do not use your data to train their general models under our commercial agreements.
- AI-powered lead scoring: Our system uses AI to automatically score and qualify leads based on conversation content (see Section 16 for more details).
- Data isolation: Each business on the platform operates in a fully isolated environment. Your AI persona, knowledge base, and customer data are completely separate from every other business.
5. Data Sharing and Sub-Processors
Plain English: We share data only with the services we need to run the platform. Here's the complete list — no hidden partners.
We do not sell, rent, or trade your personal information. We share data only with the following sub-processors, solely to provide the Service:
| Service | Purpose | Data Shared | Country |
|---|
| Stripe | Payment processing | Email, subscription details | US |
| Google OAuth | Authentication | Email, name, profile picture | US |
| OpenAI | AI conversation processing (primary) | Conversation content, business context | US |
| Anthropic (Claude) | AI processing (per business config) | Conversation content, business context | US |
| Google AI (Gemini) | AI processing (per business config) | Conversation content, business context | US |
| Railway | Application hosting and database | All application data | US |
| Hetzner | WhatsApp messaging infrastructure | WhatsApp messages (see Section 6) | US/EU |
| Cloudflare | Static site hosting and CDN | Website content, visitor analytics | US |
| Resend | Transactional email delivery | Email addresses, email content | US |
We may also share data when required by law, court order, or to protect the rights and safety of our users and the public.
6. WhatsApp and Messaging Data
Plain English: If you enable WhatsApp for your business, customer messages flow through our messaging server. We process them to power your AI chatbot and store them as part of your conversation history.
When a Subscriber enables WhatsApp as a communication channel, customer messages are processed through Evolution API, a self-hosted messaging gateway running on our infrastructure (Hetzner VPS).
- Message processing: Incoming WhatsApp messages are received by our messaging server, processed through AI to generate responses, and delivered back to the customer
- Message storage: Messages are stored as part of the conversation history within your business's isolated data environment
- No cross-business sharing: WhatsApp conversations from one business are never accessible to another business
- WhatsApp's own policies: Messages sent via WhatsApp are also subject to WhatsApp's Privacy Policy
- Opt-out: Subscribers can disable WhatsApp integration at any time through their dashboard. Existing message history will be retained according to our standard retention policy
7. Data Storage and Security
Plain English: We use industry-standard encryption and security practices. Sensitive data like API keys are encrypted at rest. All connections use HTTPS.
We take the security of your data seriously and implement the following measures:
- Encryption at rest: Sensitive fields (API keys, integration tokens) are encrypted using industry-standard encryption before storage
- Encryption in transit: All data transmitted between your browser and our servers is protected with TLS/HTTPS
- Authentication security: We use Google OAuth for authentication, meaning we never handle or store your password
- Session management: Secure, HTTP-only cookies with appropriate expiration
- Access controls: Business data is isolated at the database level. Each business can only access its own data
- Rate limiting: API endpoints are rate-limited to prevent abuse
- Infrastructure security: Our hosting providers (Railway, Hetzner, Cloudflare) maintain SOC 2 and/or ISO 27001 certifications
While we implement robust security measures, no system is 100% secure. We encourage you to use strong, unique passwords for your Google account and to report any suspected security issues to [email protected].
8. Data Retention
Plain English: We keep your data while you're a customer. If you cancel, we delete your data within 15 days. Billing records are kept for 7 years as required by law.
- Account data: Retained while your subscription is active
- After cancellation: Account data, business configurations, AI personas, customer conversations, and knowledge base content are deleted within 15 days of cancellation
- Billing records: Retained for 7 years as required by US tax law
- Server logs: Retained for 90 days, then automatically purged
- Customer data (End Users): Retained as long as the Subscriber's account is active. Deleted with the Subscriber's data upon cancellation
You may request early deletion of your data at any time by contacting [email protected]. Early deletion follows the same 15-day processing window.
9. Cookies and Tracking
Plain English: We use only essential cookies to keep you logged in and remember your preferences. No advertising trackers.
We use a minimal set of cookies, all of which are necessary for the Service to function:
| Cookie | Purpose | Duration |
|---|
| Session cookie | Maintains your authenticated session | Browser session |
| Locale cookie | Stores your language preference (EN/PT/ES) | 1 year |
| Consent cookie | Remembers your cookie preferences | 1 year |
We do not use advertising cookies, social media tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking.
10. Your Rights
Plain English: You can access, correct, delete, or download your data. Just email us and we'll respond within 2 business days.
Depending on your location, you may have the following rights regarding your personal information:
- Right to access: Request a copy of the personal data we hold about you
- Right to correction: Request correction of inaccurate or incomplete data
- Right to deletion: Request deletion of your personal data (also available through your account settings)
- Right to portability: Request your data in a structured, commonly used format
- Right to object: Object to processing based on our legitimate interests
- Right to restrict processing: Request that we limit how we use your data
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within 2 business days and fulfill requests within 30 days. You may also delete your account entirely through the Account section of your dashboard.
11. Do Not Sell My Personal Information
Plain English: We do not sell your personal information. Period. This applies to all users, including California residents under CCPA.
Under the California Consumer Privacy Act (CCPA) and similar state privacy laws, you have the right to opt out of the "sale" of your personal information.
We do not sell your personal information. We have never sold personal information and have no plans to do so. We do not share personal information with third parties for their own marketing purposes.
If you are a California resident, you also have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Not be discriminated against for exercising your privacy rights
To submit a CCPA request, email [email protected] with the subject line "CCPA Request".
12. Data Processor vs. Data Controller
Plain English: For your account data, we're in charge (controller). For your customers' data, you're in charge and we just process it on your behalf.
Understanding our role helps clarify responsibilities:
- Data Controller (your account): We are the data controller for Subscriber account information, billing data, and usage data. We decide how and why this data is processed.
- Data Processor (your customers): We are the data processor for End User data (your customers' conversations, contact information, and lead data). You, the Subscriber, are the data controller for this information. We process it only on your behalf and according to your instructions.
As a Subscriber, you are responsible for:
- Ensuring you have a lawful basis to collect your customers' data
- Informing your customers about how their data is used
- Responding to your customers' data access or deletion requests (we will assist you)
- Complying with applicable privacy laws in your jurisdiction
13. Children's Privacy
The Service is designed for business owners and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
If you believe a child has provided us with personal information, please contact us at [email protected].
14. International Data Transfers
Plain English: Our servers are in the United States. If you're outside the US, your data crosses borders when you use the Service.
Our primary infrastructure is located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the US.
Some of our sub-processors (see Section 5) may process data in other jurisdictions. We ensure appropriate safeguards are in place through contractual obligations with each sub-processor to protect your data regardless of where it is processed.
By using the Service, you consent to the transfer of your data to the United States and other jurisdictions as described in this policy.
15. Data Breach Notification
Plain English: If there's a data breach affecting your information, we'll notify you within 30 days with details about what happened and what we're doing about it.
In the event of a data breach that compromises your personal information, we will:
- Notify affected users within 30 days of discovering the breach, consistent with Florida law requirements
- Provide a clear description of the nature of the breach
- Describe the types of data involved
- Explain the steps we are taking to address the breach and mitigate potential harm
- Provide guidance on steps you can take to protect yourself
- Notify relevant authorities as required by applicable law
Notifications will be sent via email to the address associated with your account.
16. Automated Decision-Making
Plain English: Our AI scores and qualifies leads automatically based on conversations. This helps prioritize follow-ups but doesn't make final decisions — you always have the last word.
OpenClaw uses automated processing in the following ways:
- Lead qualification: AI analyzes conversations to assign interest scores and identify service needs. This helps Subscribers prioritize follow-ups.
- Conversation routing: AI determines the intent of customer messages to provide relevant responses.
- Content generation: AI generates website content, blog posts, and chatbot responses based on your business profile and knowledge base.
These automated processes assist your business operations but do not make decisions with legal or similarly significant effects on End Users. Subscribers retain full control over how leads are handled and can override any AI-generated assessment.
17. Changes to This Policy
Plain English: If we change this policy in a meaningful way, we'll email you at least 30 days before the changes take effect.
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Provide at least 30 days' prior notice via email to the address associated with your account
- Update the "Last updated" date at the top of this page
- Clearly identify what has changed
Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you may cancel your subscription before the changes take effect.
18. Contact
For questions, concerns, or requests related to this Privacy Policy, contact us at:
LPJ SERVICES LLC
Florida, United States
Email: [email protected]
We aim to respond to all inquiries within 2 business days.
